We introduced \textit{R}, an end-to-end tool for creating ROP payloads.  We explained our gadget detection and classification process, which was along the lines of Schwartz et. al.'s \textit{Q} \cite{schwartz} and attempted a comparison with ROPgadget.  We also presented our dynamic stack structure resolution technique and implementation of lib(c) resolution.  At the end we presented five diverse sample payloads, which all succeed despite ASLR and W$\oplus$X policies, though notable shortcomings, such as excessively frequent null-bytes and bloated payload size, limit the practical effectiveness of our payloads.  Our results demonstrate that current ASLR and W$\oplus$X policies are not sufficient to defend against ROP attacks, because they do not fully randomize the address space. We believe that ASLR should be fully implemented, whenever possible, in order to defend against these attacks.
